We have a task to collect logs on a remote server. We are currently trying the Elastic Kibana solution and have not been able to find a solution with support for more than 2 weeks.
Windows Server - logstash server.
At the last step of the installation, I run the PowerShell command: bin\logstash -f mikrotik.conf
It hangs here and the process doesn't go any further. No logging to ELK. Elastic support is not very good at adding a Mikrotik and they believe there is a missing rule on the router.
Input configuration:
[2021-02-10T11:57:44,364][INFO ][logstash.javapipeline ][main] Pipeline Java execution initialization time {"seconds"=>1.88}
[2021-02-10T11:57:44,904][INFO ][logstash.javapipeline ][main] Pipeline started {"pipeline.id"=>"main"}
[2021-02-10T11:57:44,943][INFO ][logstash.inputs.syslog ][main][0f5fb9cf96985447f83be753c676bd828f1e2bbc7abc23dc207b3] Starting syslog tcp listener {:address=>"0.0.0.0:5045"}
[2021-02-10T11:57:44,969][INFO ][logstash.inputs.syslog ][main][0f5fb9cf96985447f83be753c676bd828f1e2bbc7abc23dc207b3] Starting syslog udp listener {:address=>"0.0.0.0:5045"}
[2021-02-10T11:57:45,012][INFO ][logstash.agent ] Pipelines running {:count=>1, :running_pipelines=>[:main], :non_running_pipelines=>[]}
[2021-02-10T11:57:46,064][INFO ][logstash.agent ] Successfully started Logstash API endpoint {:port=>9600}
input {
  syslog {
    port => 5045
    type => syslog
  }
}
I’ve tried to add an output rule in the Mikrotik firewall (udp port 5045) and I see a small amount of traffic, but there are no changes; logs are not displayed in Kibana. Please help.
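
To check the listeners shown in the startup log above independently of the router, the following added example (not part of the original post) builds one constructed RFC 3164 syslog line and sends it to port 5045 over UDP and TCP. The host address, hostname `mikrotik-test`, tag `probe` and the local0.info priority are assumptions chosen for the test.

```python
import socket
from datetime import datetime

LOGSTASH_HOST = "127.0.0.1"  # assumption: script is run on the Logstash server itself
LOGSTASH_PORT = 5045         # port of the syslog input in the post


def build_rfc3164(msg, host="mikrotik-test", tag="probe",
                  facility=16, severity=6, now=None):
    """Return a BSD syslog (RFC 3164) line: <PRI>Mmm dd hh:mm:ss host tag: msg."""
    now = now or datetime.now()
    pri = facility * 8 + severity          # local0 (16) + info (6) -> 134
    day = f"{now.day:2d}"                  # RFC 3164 pads single-digit days with a space
    stamp = f"{now.strftime('%b')} {day} {now.strftime('%H:%M:%S')}"
    return f"<{pri}>{stamp} {host} {tag}: {msg}".encode("ascii", "replace")


def send_udp(payload, host=LOGSTASH_HOST, port=LOGSTASH_PORT):
    """Send one datagram; returns bytes handed to the OS (not proof of receipt)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        return s.sendto(payload, (host, port))


def send_tcp(payload, host=LOGSTASH_HOST, port=LOGSTASH_PORT, timeout=3.0):
    """Send one newline-terminated line; raises OSError if nothing is listening."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(payload + b"\n")
        return len(payload) + 1


if __name__ == "__main__":
    line = build_rfc3164("constructed test event from probe script")
    print("sending:", line.decode())
    print("udp bytes sent:", send_udp(line))
    try:
        print("tcp bytes sent:", send_tcp(line))
    except OSError as exc:
        print("tcp connect failed:", exc)
```

A refused TCP connection means the listener is not reachable on that address; UDP gives no such feedback, so whether the event arrived has to be checked on the Logstash side.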